update report

REPORT.md

@@ -44,14 +44,6 @@ Reason: one blocking, code-level security issue was found.
 
 ## Additional Code-Level Findings (Non-blocking)
 
-### Medium: Non-deterministic frontend dependency versioning
-- Severity: Medium
-- Risk: `lucide-react` is set to `latest`, making builds time-dependent and increasing supply-chain unpredictability.
-- Evidence:
-  - `frontend/package.json:13`
-- Recommendation:
-  - pin an explicit semver version and update intentionally via dependency review workflow
-
 ### Low: One security middleware regression test is currently not executable
 - Severity: Low
 - Risk: reduced confidence in continued enforcement of upload middleware behavior.